IT Audit - The Institute Of Internal Auditors  


Vol. 10, August 10, 2007
printPrint Article
printPrint Entire Issue

Public and Private Entities Face Significant Cybercrime Challenges

Cybercrime’s impact on the U.S. economy reflects billion-dollar losses and threatens national security, according to the recent Government Accountability Office study, Public and Private Entities Face Challenges in Addressing Cyber Threats. A 2005 Federal Bureau of Investigation (FBI) survey estimated the annual loss due to computer crime at US $67.2 billion. In addition, a coordinated cyber attack by U.S. adversaries, including terrorist organizations and nation-states, could result in a significant disruption in financial sectors, air traffic control, and electric power distribution. Terrorist organizations have raised money using cybercrime as well, according to FBI testimony.

To combat the growing threat of cybercrime, GAO says that the Department of Justice, Homeland Security, and Department of Defense, and the Federal Trade Commission, as well as state and local law enforcement entities, are responsible for protecting against and prosecuting those who commit cybercrime. Private businesses (e.g., software developers and Internet service providers) can assist by developing technology to detect and protect against cybercrime, and by aiding investigators in gathering evidence. Information-sharing partnerships between the public and private sector, both nationally and internationally, are also key in the efforts to fight cybercrime, according to the study.

The study acknowledged a number of challenges in addressing cyber threats, including those faced by law enforcement. One of the specific risks involves the FBI’s and Secret Service’s policies of rotating staff, which result in the agencies having a difficult time training and retaining personnel with the technological skills necessary to detect and prosecute cybercrime. GAO outlined these and other challenges in the following chart:



Reporting cybercrime.

Accurately reporting cybercrime to law   enforcement.

Ensuring adequate law enforcement analytical and technical capabilities.

Obtaining and retaining investigators, prosecutors, and cyberforensics examiners.
Keeping up-to-date with current technology and criminal techniques.

Working in a borderless environment with laws of multiple jurisdictions.

Investigating and prosecuting cybercrime that transcends borders with laws and legal procedures of multiple jurisdictions.

Implementing information security practices and raising awareness.

Protecting information and information systems.
Raising awareness about criminal behavior.


In conclusion, GAO gave specific recommendations to the Attorney General and the Secretary of Homeland Security to help ensure adequate law enforcement analytical and technical capabilities. In addition, the study reported that despite efforts to raise awareness among users, additional support is needed by both the public and private sectors to educate consumers and end-users in recognizing cyber attacks.

To download GAO’s report, click on (PDF, 1.51 MB).

Rate this article!
Extremely relevant    6    5    4    3    2    1    Not relevant
Extremely useful    6    5    4    3    2    1    Not useful